This invention relates generally to systems and methods for multi-merchant tokenization of transaction payments. Such systems and methods enable merchants to increase security for payments and transactions, shifts storage of account information from central payment processor to the merchant, and provides for more seamless transactions across groups of related merchants.
Payment for a transaction, when done electronically, is subject to security breaches which may compromise sensitive financial data. Further, as point of sales systems become more advanced, more transactions are performed electronically, and as hackers become more sophisticated, security concerns are continually increasing.
In the early days of electronic transactions, dedicated magnetic card readers would scan a credit card's data and transfer it to a payment service for completion of the transaction. These communications were typically over a dial connection and required basic encryption in the reader device in order to maintain security of the packet.
Over time, the reader devices have become more advanced, often with internet connections and data input ports that enable malware to infect point of sales terminals. Further, as more and more retailers have moved to transfer of data over the internet, additional security features have been developed.
Most notably, “tokenization” is a means for replacing sensitive information with a “token” of data that is non-decryptable by the merchant (requires a third party decryption). Traditionally, tokenization in transaction payment systems would include storing the sensitive information at the payment processor in a centralized database, and supplying back an ID to the merchant. The ID would relate back to the account data, but if intercepted would not contain any sensitive information. This enables increased security because the sensitive information only needs to be transferred between the merchant and the payment service once. However, such prior systems are not without drawbacks. For example, by centrally locating account information for a wide variety of businesses, a single breach of security into the database could compromise a large number of accounts, in these prior systems. This is a very large risk for payment processors. Additionally, the token returned to the merchant is typically only redeemable by that merchant in further transactions. As such, prior tokenization efforts are limited to a single business line.
Often a merchant may have multiple locations that work together, and as such current systems may limit these merchants from all relying upon a single token. Thus, account information has to be input by the varied merchants individually in order to perform the transaction for a single customer.
It is therefore apparent that an urgent need exists for systems and methods for multi merchant tokenization for improved security for transaction payment processing. Such systems will have the added benefit of decentralizing sensitive account data in a manner which increases security of user data, while shifting risks away from the payment service.